ACL配置


ACL配置


当参数protocol为UDP(协议号17)时,高级ACL规则的命令格式如下。第一种格式按源/目的地址、源/目的端口等字段匹配;第二种格式通过vxlan vni按VNI匹配VXLAN报文,该格式不含目的端口匹配项。

rule [ rule-id ] [ name rule-name ] { permit | deny } { udp | 17 } [ [ dscp { dscp | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef } | [ tos { tos | max-reliability | max-throughput | min-delay | min-monetary-cost | normal } | precedence { precedence | critical | flash | flash-override | immediate | internet | network | priority | routine } ] * ] | { destination { destination-ip-address { destination-wildcard | 0 | des-netmask } | any } | destination-pool destination-pool-name } | { destination-port { range { port-number | biff | bootpc | bootps | dns | discard | dnsix | echo | mobilip-ag | mobilip-mn | nameserver | netbios-dgm | netbios-ns | netbios-ssn | ntp | rip | snmp | snmptrap | sunrpc | syslog | tacacs-ds | talk | tftp | time | who | xdmcp | vxlan } { port-number | biff | bootpc | bootps | dns | discard | dnsix | echo | mobilip-ag | mobilip-mn | nameserver | netbios-dgm | netbios-ns | netbios-ssn | ntp | rip | snmp | snmptrap | sunrpc | syslog | tacacs-ds | talk | tftp | time | who | xdmcp | vxlan } | { gt | lt | eq | neq } { port-number | biff | bootpc | bootps | dns | discard | dnsix | echo | mobilip-ag | mobilip-mn | nameserver | netbios-dgm | netbios-ns | netbios-ssn | ntp | rip | snmp | snmptrap | sunrpc | syslog | tacacs-ds | talk | tftp | time | who | xdmcp | vxlan } } | destination-port-pool destination-port-pool-name } | [ fragment-type { fragment | fragment-subseq | non-fragment | non-subseq | fragment-spe-first } ] | { source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | source-pool source-pool-name } | { source-port { range { port-number | biff | bootpc | bootps | dns | discard | dnsix | echo | mobilip-ag | mobilip-mn | nameserver | netbios-dgm | netbios-ns | netbios-ssn | ntp | rip | snmp | snmptrap | sunrpc | syslog | tacacs-ds | talk | tftp | time | who | xdmcp } { port-number | biff | bootpc | bootps | dns | discard | dnsix | 
echo | mobilip-ag | mobilip-mn | nameserver | netbios-dgm | netbios-ns | netbios-ssn | ntp | rip | snmp | snmptrap | sunrpc | syslog | tacacs-ds | talk | tftp | time | who | xdmcp } | { gt | lt | eq | neq } { port-number | biff | bootpc | bootps | dns | discard | dnsix | echo | mobilip-ag | mobilip-mn | nameserver | netbios-dgm | netbios-ns | netbios-ssn | ntp | rip | snmp | snmptrap | sunrpc | syslog | tacacs-ds | talk | tftp | time | who | xdmcp } } | source-port-pool source-port-pool-name } | time-range time-name | [ vpn-instance vpn-instance-name | vpn-instance-any ] | ttl { { gt | lt | eq | neq } ttl-value | range ttl-value ttl-value } | packet-length { { gt | lt | eq | neq } begin-pktlen | range begin-pktlen end-pktlen } ] *

rule [ rule-id ] [ name rule-name ] { permit | deny } { udp | 17 } vxlan vni vni [ [ dscp { dscp | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef } | [ tos { tos | max-reliability | max-throughput | min-delay | min-monetary-cost | normal } | precedence { precedence | critical | flash | flash-override | immediate | internet | network | priority | routine } ] * ] | { destination { destination-ip-address { destination-wildcard | 0 | des-netmask } | any } | destination-pool destination-pool-name } | [ fragment-type { fragment | fragment-subseq | non-fragment | non-subseq | fragment-spe-first } ] | { source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | source-pool source-pool-name } | { source-port { range { port-number | biff | bootpc | bootps | dns | discard | dnsix | echo | mobilip-ag | mobilip-mn | nameserver | netbios-dgm | netbios-ns | netbios-ssn | ntp | rip | snmp | snmptrap | sunrpc | syslog | tacacs-ds | talk | tftp | time | who | xdmcp } { port-number | biff | bootpc | bootps | dns | discard | dnsix | echo | mobilip-ag | mobilip-mn | nameserver | netbios-dgm | netbios-ns | netbios-ssn | ntp | rip | snmp | snmptrap | sunrpc | syslog | tacacs-ds | talk | tftp | time | who | xdmcp } | { gt | lt | eq | neq } { port-number | biff | bootpc | bootps | dns | discard | dnsix | echo | mobilip-ag | mobilip-mn | nameserver | netbios-dgm | netbios-ns | netbios-ssn | ntp | rip | snmp | snmptrap | sunrpc | syslog | tacacs-ds | talk | tftp | time | who | xdmcp } } | source-port-pool source-port-pool-name } | time-range time-name | [ vpn-instance vpn-instance-name | vpn-instance-any ] | ttl { { gt | lt | eq | neq } ttl-value | range ttl-value ttl-value } | packet-length { { gt | lt | eq | neq } begin-pktlen | range begin-pktlen end-pktlen } ] *

当参数protocol为TCP(协议号6)时,高级ACL规则的命令格式如下。除地址和端口外,还可以通过syn-flag或tcp-flag按TCP标志位(ack、fin、psh、rst、syn、urg或established)匹配。

rule [ rule-id ] [ name rule-name ] { permit | deny } { tcp | 6 } [ [ dscp { dscp | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef } | [ precedence { precedence | critical | flash | flash-override | immediate | internet | network | priority | routine } | tos { tos | max-reliability | max-throughput | min-delay | min-monetary-cost | normal } ] * ] | { destination { destination-ip-address { destination-wildcard | 0 | des-netmask } | any } | destination-pool destination-pool-name } | { destination-port { range { port-number | chargen | bgp | cmd | daytime | discard | domain | echo | exec | finger | ftp | ftp-data | gopher | hostname | irc | klogin | kshell | login | lpd | nntp | pop2 | pop3 | smtp | sunrpc | tacacs | talk | telnet | time | uucp | whois | www } { port-number | chargen | bgp | cmd | daytime | discard | domain | echo | exec | finger | ftp | ftp-data | gopher | hostname | irc | klogin | kshell | login | lpd | nntp | pop2 | pop3 | smtp | sunrpc | tacacs | talk | telnet | time | uucp | whois | www } | { gt | lt | eq | neq } { port-number | chargen | bgp | cmd | daytime | discard | domain | echo | exec | finger | ftp | ftp-data | gopher | hostname | irc | klogin | kshell | login | lpd | nntp | pop2 | pop3 | smtp | sunrpc | tacacs | talk | telnet | time | uucp | whois | www } } | destination-port-pool destination-port-pool-name } | [ fragment-type { fragment | fragment-subseq | non-fragment | non-subseq | fragment-spe-first } ] | { source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | source-pool source-pool-name } | { source-port { range { port-number | chargen | bgp | cmd | daytime | discard | domain | echo | exec | finger | ftp | ftp-data | gopher | hostname | irc | klogin | kshell | login | lpd | nntp | pop2 | pop3 | smtp | sunrpc | tacacs | talk | telnet | time | uucp | whois | www } { port-number | chargen | bgp | cmd | daytime | discard | 
domain | echo | exec | finger | ftp | ftp-data | gopher | hostname | irc | klogin | kshell | login | lpd | nntp | pop2 | pop3 | smtp | sunrpc | tacacs | talk | telnet | time | uucp | whois | www } | { gt | lt | eq | neq } { port-number | chargen | bgp | cmd | daytime | discard | domain | echo | exec | finger | ftp | ftp-data | gopher | hostname | irc | klogin | kshell | login | lpd | nntp | pop2 | pop3 | smtp | sunrpc | tacacs | talk | telnet | time | uucp | whois | www } } | source-port-pool source-port-pool-name } | { syn-flag | tcp-flag } { tcp-flag [ mask mask-value ] | established | { ack [ fin | psh | rst | syn | urg ] * } | { fin [ ack | psh | rst | syn | urg ] * } | { psh [ fin | ack | rst | syn | urg ] * } | { rst [ fin | psh | ack | syn | urg ] * } | { syn [ fin | psh | rst | ack | urg ] * } | { urg [ fin | psh | rst | syn | ack ] * } } | [ vpn-instance vpn-instance-name | vpn-instance-any ] | time-range time-name | packet-length { { gt | lt | eq | neq } begin-pktlen | range begin-pktlen end-pktlen } | ttl { { gt | lt | eq | neq } ttl-value | range ttl-value ttl-value } ] *

当参数protocol为ICMP(协议号1)时,高级ACL规则的命令格式如下。该格式没有端口匹配项,可通过icmp-type按ICMP报文的名称或类型和代码匹配。

rule [ rule-id ] [ name rule-name ] { permit | deny } { icmp | 1 } [ [ dscp { dscp | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef } | [ tos { tos | max-reliability | max-throughput | min-delay | min-monetary-cost | normal } | precedence { precedence | critical | flash | flash-override | immediate | internet | network | priority | routine } ] * ] | { destination { destination-ip-address { destination-wildcard | 0 | des-netmask } | any } | destination-pool destination-pool-name } | [ fragment-type { fragment | fragment-subseq | non-fragment | non-subseq | fragment-spe-first } ] | icmp-type { icmp-name | icmp-type [ icmp-code ] } | { source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | source-pool source-pool-name } | time-range time-name | [ vpn-instance vpn-instance-name | vpn-instance-any ] | ttl { { gt | lt | eq | neq } ttl-value | range ttl-value ttl-value } | packet-length { { gt | lt | eq | neq } begin-pktlen | range begin-pktlen end-pktlen } ] *

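当参数protocol为上述TCP、UDP、ICMP之外的其他协议(gre、igmp、ip、ipinip、ospf或以协议号指定)时,高级ACL规则的命令格式如下。该格式没有端口、TCP标志位和ICMP类型匹配项,只能按地址、DSCP/ToS/优先级、分片类型、TTL、报文长度等字段匹配。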

rule [ rule-id ] [ name rule-name ] { permit | deny } { zero | protocol | gre | igmp | ip | ipinip | ospf | 7-16 | 18-255 } [ [ dscp { dscp | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef } | [ tos { value | max-reliability | max-throughput | min-delay | min-monetary-cost | normal } | precedence { precedence | critical | flash | flash-override | immediate | internet | network | priority | routine } ] * ] | { destination { destination-ip-address { destination-wildcard | 0 | des-netmask } | any } | destination-pool destination-pool-name } | [ fragment-type { fragment | fragment-subseq | non-fragment | non-subseq | fragment-spe-first } ] | { source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | source-pool source-pool-name } | time-range time-name | [ vpn-instance vpn-instance-name | vpn-instance-any ] | ttl { { gt | lt | eq | neq } ttl-value | range ttl-value ttl-value } | packet-length { { gt | lt | eq | neq } begin-pktlen | range begin-pktlen end-pktlen } ] *


